@girardmedia/bootspring 2.2.0 → 2.3.0

package/core/project-activity.js

@@ -1,175 +0,0 @@
-/**
- * Project collaboration activity + notification helpers.
- *
- * Uses telemetry JSONL as an append-only audit source.
- */
-
-const crypto = require('crypto');
-
-const NOTIFICATION_EVENT = 'project_membership_notification';
-const DEFAULT_ACTIVITY_LIMIT = 25;
-const MAX_ACTIVITY_SCAN = 500;
-const KNOWN_ACTIVITY_EVENTS = new Set([
-  NOTIFICATION_EVENT,
-  'project_invitation_sent',
-  'project_invitation_accepted',
-  'project_invitation_declined',
-  'project_member_added',
-  'project_member_removed',
-  'project_member_role_updated',
-  'project_owner_transferred'
-]);
-
-function getTelemetry() {
-  return require('./telemetry');
-}
-
-function sanitizeToken(value, fallback) {
-  const normalized = String(value || '')
-    .trim()
-    .toLowerCase()
-    .replace(/[^a-z0-9_-]+/g, '-')
-    .replace(/^-+|-+$/g, '');
-  return normalized || fallback;
-}
-
-function projectIdFromPayload(payload) {
-  return String(payload.projectId || payload.project || payload.projectSlug || '').trim();
-}
-
-function projectScopeFromProjectId(projectId) {
-  if (!projectId) return '';
-  return `ps_${crypto.createHash('sha256').update(projectId).digest('hex').slice(0, 16)}`;
-}
-
-function projectScopeFromPayload(payload) {
-  return String(payload.projectScope || payload.project_scope || '').trim();
-}
-
-function describeEvent(event, payload = {}) {
-  const email = String(payload.email || payload.targetEmail || payload.target || '').trim();
-  const role = String(payload.role || '').trim();
-  const target = String(payload.targetUserId || payload.userId || '').trim();
-
-  if (event === 'project_invitation_sent') {
-    return email ? `Invitation sent to ${email}${role ? ` (${role})` : ''}` : 'Invitation sent';
-  }
-  if (event === 'project_invitation_accepted') {
-    return email ? `${email} accepted invitation` : 'Invitation accepted';
-  }
-  if (event === 'project_invitation_declined') {
-    return email ? `${email} declined invitation` : 'Invitation declined';
-  }
-  if (event === 'project_member_added') {
-    return email ? `Member added: ${email}${role ? ` (${role})` : ''}` : 'Member added';
-  }
-  if (event === 'project_member_removed') {
-    return target ? `Member removed: ${target}` : 'Member removed';
-  }
-  if (event === 'project_member_role_updated') {
-    return target ? `Member role updated: ${target}${role ? ` -> ${role}` : ''}` : 'Member role updated';
-  }
-  if (event === 'project_owner_transferred') {
-    const owner = String(payload.newOwnerId || target || '').trim();
-    return owner ? `Ownership transferred to ${owner}` : 'Ownership transferred';
-  }
-  return String(payload.message || event).trim();
-}
-
-function toActivityEntry(record) {
-  const payload = record.payload || {};
-  const projectId = projectIdFromPayload(payload);
-  return {
-    timestamp: String(record.timestamp || ''),
-    projectId,
-    projectScope: projectScopeFromPayload(payload),
-    event: String(record.event || ''),
-    action: sanitizeToken(payload.action || record.event, 'project_activity'),
-    actor: String(payload.actor || payload.actorId || 'system'),
-    target: String(payload.target || payload.email || payload.targetUserId || ''),
-    message: describeEvent(String(record.event || ''), payload),
-    metadata: payload
-  };
-}
-
-function trackProjectActivity(event, payload = {}, options = {}) {
-  const normalizedEvent = sanitizeToken(event, 'project_activity');
-  const projectScope = projectScopeFromProjectId(projectIdFromPayload(payload));
-  const telemetry = getTelemetry();
-  telemetry.emitEvent(normalizedEvent, {
-    ...payload,
-    ...(projectScope ? { projectScope } : {}),
-    action: normalizedEvent,
-    occurredAt: options.now ? new Date(options.now).toISOString() : new Date().toISOString()
-  }, options);
-}
-
-function trackMembershipNotification(payload = {}, options = {}) {
-  const event = String(payload.event || '').trim();
-  const type = sanitizeToken(payload.type || event || 'membership_update', 'membership_update');
-  const message = String(payload.message || describeEvent(event || type, payload)).trim() || 'Membership updated';
-  const projectScope = projectScopeFromProjectId(projectIdFromPayload(payload));
-
-  const telemetry = getTelemetry();
-  telemetry.emitEvent(NOTIFICATION_EVENT, {
-    ...payload,
-    ...(projectScope ? { projectScope } : {}),
-    type,
-    message,
-    occurredAt: options.now ? new Date(options.now).toISOString() : new Date().toISOString()
-  }, options);
-}
-
-function getProjectActivityFeed(options = {}) {
-  const telemetry = getTelemetry();
-  const limit = Number(options.limit);
-  const effectiveLimit = Number.isFinite(limit) && limit > 0 ? Math.min(limit, MAX_ACTIVITY_SCAN) : DEFAULT_ACTIVITY_LIMIT;
-
-  const records = telemetry.listEvents({
-    projectRoot: options.projectRoot,
-    limit: MAX_ACTIVITY_SCAN
-  });
-
-  const projectId = String(options.projectId || '').trim();
-  const projectScope = projectScopeFromProjectId(projectId);
-  return records
-    .filter(record => KNOWN_ACTIVITY_EVENTS.has(String(record.event || '')))
-    .map(toActivityEntry)
-    .filter(entry => {
-      if (!projectId) return true;
-      if (entry.projectId === projectId) return true;
-      return !!projectScope && entry.projectScope === projectScope;
-    })
-    .sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime())
-    .slice(0, effectiveLimit);
-}
-
-function getMembershipNotifications(options = {}) {
-  const limit = Number(options.limit);
-  const effectiveLimit = Number.isFinite(limit) && limit > 0 ? Math.min(limit, MAX_ACTIVITY_SCAN) : DEFAULT_ACTIVITY_LIMIT;
-
-  return getProjectActivityFeed({
-    projectId: options.projectId,
-    limit: MAX_ACTIVITY_SCAN,
-    projectRoot: options.projectRoot
-  })
-    .filter(entry => entry.event === NOTIFICATION_EVENT || entry.event.startsWith('project_invitation_') || entry.event.startsWith('project_member_') || entry.event === 'project_owner_transferred')
-    .map(entry => ({
-      timestamp: entry.timestamp,
-      projectId: entry.projectId,
-      event: entry.event,
-      type: sanitizeToken(entry.metadata.type || entry.action, 'membership_update'),
-      message: String(entry.metadata.message || entry.message || 'Membership updated'),
-      actor: entry.actor,
-      target: entry.target,
-      metadata: entry.metadata
-    }))
-    .slice(0, effectiveLimit);
-}
-
-module.exports = {
-  trackProjectActivity,
-  trackMembershipNotification,
-  getProjectActivityFeed,
-  getMembershipNotifications
-};

package/core/redaction.d.ts

@@ -1,5 +0,0 @@
-export const REDACTED: '[REDACTED]';
-
-export function redactSensitiveString(value: string): string;
-export function redactSensitiveData<T>(input: T, depth?: number): T;
-export function redactErrorMessage(error: unknown): string;

package/core/redaction.js

@@ -1,63 +0,0 @@
-/**
- * Centralized sensitive-data redaction helpers for runtime JS modules.
- */
-
-const REDACTED = '[REDACTED]';
-
-const SENSITIVE_KEY_PATTERN = /(?:^|[_-])(api[_-]?key|token|refresh[_-]?token|authorization|x[_-]?api[_-]?key|project[_-]?id)$/i;
-
-function redactPatternMatches(value) {
-  return value
-    .replace(/\b(?:bs|sk)_(?:live|test)_[A-Za-z0-9_-]{8,}\b/g, REDACTED)
-    .replace(/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g, REDACTED)
-    .replace(/\bBearer\s+[A-Za-z0-9._-]+\b/gi, `Bearer ${REDACTED}`)
-    .replace(/\bproj_[A-Za-z0-9_-]{6,}\b/g, `proj_${REDACTED}`)
-    .replace(/(["']?(?:authorization|x-api-key|apiKey|token|refreshToken|projectId)["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, `$1${REDACTED}`);
-}
-
-function redactSensitiveString(value) {
-  return redactPatternMatches(String(value || ''));
-}
-
-function redactSensitiveData(input, depth = 0) {
-  if (depth > 10) {
-    return input;
-  }
-
-  if (typeof input === 'string') {
-    return redactSensitiveString(input);
-  }
-
-  if (Array.isArray(input)) {
-    return input.map(item => redactSensitiveData(item, depth + 1));
-  }
-
-  if (!input || typeof input !== 'object') {
-    return input;
-  }
-
-  const output = {};
-  for (const [key, value] of Object.entries(input)) {
-    if (SENSITIVE_KEY_PATTERN.test(key)) {
-      output[key] = REDACTED;
-      continue;
-    }
-    output[key] = redactSensitiveData(value, depth + 1);
-  }
-  return output;
-}
-
-function redactErrorMessage(error) {
-  if (!error) return '';
-  if (error instanceof Error) {
-    return redactSensitiveString(error.message || String(error));
-  }
-  return redactSensitiveString(String(error));
-}
-
-module.exports = {
-  REDACTED,
-  redactSensitiveString,
-  redactSensitiveData,
-  redactErrorMessage
-};

package/core/self-update.js

@@ -1,259 +0,0 @@
-const fs = require('fs');
-const os = require('os');
-const path = require('path');
-const { execFileSync, spawnSync } = require('child_process');
-const { PACKAGE_NAME } = require('./mcp-config');
-
-const pkg = require('../package.json');
-const CURRENT_VERSION = pkg.version || '0.0.0';
-const DEFAULT_INTERVAL_MS = Number.parseInt(
-  process.env.BOOTSPRING_AUTO_UPDATE_INTERVAL_MS || `${6 * 60 * 60 * 1000}`,
-  10
-);
-const STATE_PATH = path.join(os.homedir(), '.bootspring', 'update-state.json');
-
-function getNpmCommand() {
-  if (process.env.BOOTSPRING_NPM_COMMAND) {
-    return process.env.BOOTSPRING_NPM_COMMAND;
-  }
-  return process.platform === 'win32' ? 'npm.cmd' : 'npm';
-}
-
-function compareVersions(a, b) {
-  const aParts = String(a || '0.0.0').split('.').map((part) => Number.parseInt(part, 10) || 0);
-  const bParts = String(b || '0.0.0').split('.').map((part) => Number.parseInt(part, 10) || 0);
-
-  for (let index = 0; index < 3; index += 1) {
-    if ((aParts[index] || 0) < (bParts[index] || 0)) {
-      return -1;
-    }
-    if ((aParts[index] || 0) > (bParts[index] || 0)) {
-      return 1;
-    }
-  }
-
-  return 0;
-}
-
-function readState() {
-  try {
-    return JSON.parse(fs.readFileSync(STATE_PATH, 'utf8'));
-  } catch {
-    return {};
-  }
-}
-
-function writeState(nextState) {
-  try {
-    fs.mkdirSync(path.dirname(STATE_PATH), { recursive: true, mode: 0o700 });
-    fs.writeFileSync(STATE_PATH, JSON.stringify(nextState, null, 2));
-  } catch {
-    // Best-effort cache only.
-  }
-}
-
-function getInstallContext() {
-  const packageRoot = path.resolve(__dirname, '..');
-  const scriptPath = path.resolve(process.argv[1] || path.join(packageRoot, 'bin', 'bootspring.js'));
-  const nodeModulesSegment = `${path.sep}node_modules${path.sep}`;
-  const forcedMode = process.env.BOOTSPRING_AUTO_UPDATE_INSTALL_MODE;
-
-  if (forcedMode === 'global' || forcedMode === 'local') {
-    const projectRoot = forcedMode === 'local'
-      ? process.env.BOOTSPRING_AUTO_UPDATE_PROJECT_ROOT || process.cwd()
-      : null;
-    return { mode: forcedMode, packageRoot, projectRoot, scriptPath };
-  }
-
-  if (packageRoot.includes(`${path.sep}_npx${path.sep}`) || scriptPath.includes(`${path.sep}_npx${path.sep}`)) {
-    return { mode: 'ephemeral', packageRoot, projectRoot: null, scriptPath };
-  }
-
-  if (!packageRoot.includes(nodeModulesSegment)) {
-    return { mode: 'development', packageRoot, projectRoot: null, scriptPath };
-  }
-
-  if (
-    scriptPath.includes(`${nodeModulesSegment}.bin${path.sep}`) ||
-    scriptPath.includes(`${nodeModulesSegment}@girardmedia${path.sep}bootspring${path.sep}bin${path.sep}`)
-  ) {
-    const [projectRoot] = packageRoot.split(nodeModulesSegment);
-    return { mode: 'local', packageRoot, projectRoot: projectRoot || process.cwd(), scriptPath };
-  }
-
-  return { mode: 'global', packageRoot, projectRoot: null, scriptPath };
-}
-
-function shouldSkipAutoUpdate(args = []) {
-  if (
-    process.env.BOOTSPRING_SKIP_AUTO_UPDATE === 'true' ||
-    process.env.BOOTSPRING_AUTO_UPDATE_APPLIED === 'true' ||
-    process.env.NODE_ENV === 'test' ||
-    process.env.CI
-  ) {
-    return true;
-  }
-
-  const tokens = Array.isArray(args) ? args.filter(Boolean) : [];
-  if (tokens.length === 0) {
-    return true;
-  }
-
-  if (
-    tokens[0] === 'help' ||
-    tokens[0] === 'update' ||
-    tokens[0] === '--version' ||
-    tokens[0] === '-v' ||
-    tokens.includes('--help') ||
-    tokens.includes('-h')
-  ) {
-    return true;
-  }
-
-  const context = getInstallContext();
-  if (context.mode === 'ephemeral') {
-    return true;
-  }
-
-  if (context.mode === 'development' && process.env.BOOTSPRING_ALLOW_DEV_AUTO_UPDATE !== 'true') {
-    return true;
-  }
-
-  return false;
-}
-
-function getLatestVersion() {
-  try {
-    const output = execFileSync(
-      getNpmCommand(),
-      ['view', PACKAGE_NAME, 'version', '--json'],
-      {
-        encoding: 'utf8',
-        stdio: ['ignore', 'pipe', 'pipe'],
-        timeout: 10000,
-        env: {
-          ...process.env,
-          npm_config_update_notifier: 'false'
-        }
-      }
-    ).trim();
-
-    if (!output) {
-      return null;
-    }
-
-    return JSON.parse(output);
-  } catch {
-    return null;
-  }
-}
-
-function applyUpdate(context) {
-  const args = context.mode === 'local'
-    ? ['install', `${PACKAGE_NAME}@latest`]
-    : ['install', '-g', `${PACKAGE_NAME}@latest`];
-
-  execFileSync(getNpmCommand(), args, {
-    cwd: context.projectRoot || process.cwd(),
-    encoding: 'utf8',
-    stdio: ['ignore', 'pipe', 'pipe'],
-    timeout: 120000,
-    env: {
-      ...process.env,
-      npm_config_update_notifier: 'false'
-    }
-  });
-}
-
-function relaunch(args = []) {
-  const result = spawnSync(process.execPath, [process.argv[1], ...args], {
-    stdio: 'inherit',
-    env: {
-      ...process.env,
-      BOOTSPRING_AUTO_UPDATE_APPLIED: 'true'
-    }
-  });
-
-  if (result.error) {
-    throw result.error;
-  }
-
-  return typeof result.status === 'number' ? result.status : 1;
-}
-
-function checkForUpdates(options = {}) {
-  const latestVersion = getLatestVersion();
-  const currentVersion = options.currentVersion || CURRENT_VERSION;
-  return {
-    current: currentVersion,
-    latest: latestVersion,
-    updateAvailable: Boolean(latestVersion) && compareVersions(currentVersion, latestVersion) < 0
-  };
-}
-
-function ensureLatestVersion(args = []) {
-  if (shouldSkipAutoUpdate(args)) {
-    return { updated: false, skipped: true };
-  }
-
-  const context = getInstallContext();
-  const state = readState();
-  const lastCheckedAt = Date.parse(state.lastCheckedAt || '');
-  const now = Date.now();
-  const cacheFresh = Number.isFinite(lastCheckedAt) && now - lastCheckedAt < DEFAULT_INTERVAL_MS;
-
-  let latestVersion = state.latestVersion || null;
-  if (!cacheFresh || state.currentVersion !== CURRENT_VERSION) {
-    latestVersion = getLatestVersion();
-    writeState({
-      ...state,
-      currentVersion: CURRENT_VERSION,
-      latestVersion,
-      lastCheckedAt: new Date(now).toISOString()
-    });
-  }
-
-  if (!latestVersion || compareVersions(CURRENT_VERSION, latestVersion) >= 0) {
-    return { updated: false, skipped: false, current: CURRENT_VERSION, latest: latestVersion };
-  }
-
-  const installTarget = context.mode === 'local' ? context.projectRoot || process.cwd() : 'global install';
-  console.error(`[bootspring] Updating ${CURRENT_VERSION} -> ${latestVersion} before continuing (${installTarget}).`);
-
-  try {
-    applyUpdate(context);
-    writeState({
-      ...readState(),
-      currentVersion: latestVersion,
-      latestVersion,
-      lastCheckedAt: new Date(now).toISOString(),
-      lastUpdatedAt: new Date().toISOString()
-    });
-    return {
-      updated: true,
-      current: CURRENT_VERSION,
-      latest: latestVersion,
-      exitCode: relaunch(args)
-    };
-  } catch (error) {
-    console.error(`[bootspring] Auto-update failed: ${error.message}`);
-    return {
-      updated: false,
-      skipped: false,
-      current: CURRENT_VERSION,
-      latest: latestVersion,
-      error
-    };
-  }
-}
-
-module.exports = {
-  PACKAGE_NAME,
-  CURRENT_VERSION,
-  compareVersions,
-  getInstallContext,
-  getLatestVersion,
-  checkForUpdates,
-  ensureLatestVersion,
-  applyUpdate
-};